Every Hide My Email address Tyler Murphy tested — 100% of them — could be traced back to the user's real email. That's not a corner case; that's the feature being broken by design.
Every Hide My Email Address Tested Was Leaky
Murphy, co-founder of data-removal service EasyOptOuts, found a bug that lets anyone unmask the disposable address Apple generates to protect your identity. He told 404 Media that in limited tests with volunteers, every single address was exploitable. The vulnerability hasn't been publicly detailed to avoid wider abuse, but Murphy confirmed all exploitation attempts succeeded.
Apple's Hide My Email is supposed to let you sign up for services without exposing your actual inbox. It's a core piece of the company's privacy marketing. A bug that leaks the underlying address in every case makes that promise hollow.
Apple Sat on This for Over a Year
Murphy reported the problem to Apple more than twelve months ago. No fix has shipped. That timeline is damning for a company that charges a premium on the back of privacy claims. TechCrunch reached out to Apple for comment; the company hasn't responded yet. 404 Media independently tested and verified the vulnerability.
This isn't Apple's first privacy stumble. In 2022, iPhone apps were caught sending analytics data even with the setting turned off. In 2023, Apple's MAC address randomization feature was found to expose real MAC addresses. Pattern recognition doesn't require a machine learning model.
Murphy notes that public people-search sites already make it trivial to connect an email to a name, address, and phone number. A working Hide My Email at least adds a layer; a broken one gives users a false sense of safety. If you rely on this feature to stay off spam lists or worse, assume it's not working until Apple proves otherwise — and that proof has been overdue for a year.
Source: Apple's Hide My Email feature has a bug that's been exposing real email addresses, researcher claims
Domain: techcrunch.com
Comments load interactively on the live page.